On Mon, Aug 4, 2008 at 2:00 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Jordi Prats wrote:
>>
>> On Mon, Aug 4, 2008 at 1:33 PM, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>>
>>> Jordi Prats wrote:
>>>>
>>>> Hi all,
>>>> I've a transparent proxy using iptables+squid. Is it possible to
>>>> instruct squid to proxy only if the URL does not contain a given
>>>> string?
>>>>
>>>> For example, if you try to access
>>>> http://lol.example.com/ALLOWEDSTRING/page.html through squid, it
>>>> should allow direct access.
>>>>
>>>> Anyone have a setup like this?
>>>
>>> Once the request has reached Squid it's impossible to stop it reaching
>>> Squid.
>>
>> So, how can it be configured as invisible as possible? I'm trying to
>> set up a honeyspot using squid to analyze HTTP data.
>>
>
> Okay.
> Two questions to help me out with my suggestions:
>
> Exactly what type of helper software are you using to do the analysis?
> (by helper style I mean: ICAP scanner, redirector capture, log analysis,
> etc.)
I've set up a gateway to NAT all allowed traffic, except traffic that
goes to port 80, which I redirect to squid (from iptables):

   86  4128 REDIRECT   tcp  --  eth3   *   0.0.0.0/0   0.0.0.0/0   tcp dpt:80 redir ports 3128

By now, I'm using a squid log analysis tool to extract a navigation
history. (It's enough for me)
> ... and why do you need to exclude certain requests?
> (known good sources, from the helper software itself, etc?)
I need to exclude requests to any URL that contains a string like
"proxytest" to hide my proxy because recently I've seen this URL in
squid's accesslog:

http://blablabla/proxytest/blablabla

If it's not possible to skip this type of request, could you please
give me any hints in order to set up a squid as transparent as
possible?

regards,
>>
>>> What you need is a WPAD/PAC setup for clients browsers.
>>>
>>> Though there is really no good reason why you can't just proxy straight
>>> through for all HTTP requests. The limit usually comes down to broken web
>>> server apps.
>>>
>>> Amos
>
>
>
> Amos
> --
> Please use Squid 2.7.STABLE3 or 3.0.STABLE8
>
-- Jordi

Received on Mon Aug 04 2008 - 12:12:28 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 12:00:02 MDT
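
The log-analysis step described in the message above, as an added example that is not part of the original thread: a Python sketch that parses Squid's native access.log format, builds a per-client navigation history, and flags requests whose URL contains "proxytest". The sample log lines, addresses and function names are constructed for illustration, and the default native log format is assumed.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Substrings that mark a proxy-detection probe; "proxytest" is the one from the thread.
PROBE_MARKERS = ("proxytest",)

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1217873401.512    231 10.0.0.21 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1217873402.020     45 10.0.0.21 TCP_HIT/200 880 GET http://www.example.com/style.css - NONE/- text/css
1217873410.771    310 10.0.0.35 TCP_MISS/404 412 GET http://probe.example.net/ProxyTest/check.php?id=7 - DIRECT/192.0.2.77 text/html
this line is truncated garbage
1217873415.003    120 10.0.0.35 TCP_MISS/200 2048 GET http://news.example.org/today - DIRECT/192.0.2.44 text/html
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
        size = int(f[4])
    except ValueError:
        return None
    action, _, status = f[3].partition("/")
    return {"time": when, "client": f[2], "action": action, "status": status,
            "bytes": size, "method": f[5], "url": f[6]}

def analyze(log_text, markers=PROBE_MARKERS):
    """Build per-client navigation history and list requests matching a marker."""
    history, probes, skipped = defaultdict(list), [], 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += bool(line.strip())   # count malformed, ignore blank lines
            continue
        history[rec["client"]].append((rec["time"], rec["method"], rec["url"]))
        if any(m in rec["url"].lower() for m in markers):  # case-insensitive match
            probes.append(rec)
    return dict(history), probes, skipped

if __name__ == "__main__":
    history, probes, skipped = analyze(SAMPLE_LOG)
    for p in probes:
        print(f"{p['time']:%Y-%m-%d %H:%M:%S}Z {p['client']} {p['method']} {p['url']}")
    print({c: len(v) for c, v in history.items()}, "skipped:", skipped)
```
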